Many enterprises and service providers strive to improve the security and usability of the services they provide over their networks. Access control techniques such as single sign-on and the like are popular because they may satisfy both security and usability requirements established by enterprises and service providers. For example, such techniques may permit a user to use one set of login credentials (e.g., name and password) to access multiple related yet independent systems. Further, many enterprises and service providers store user names and passwords in a single, centralized repository, which is vulnerable to credential harvesting attacks. Similarly, many users centrally store credentials on their own machines, or in an application (e.g., as embedded credentials), both of which are likewise vulnerable to attack and theft.
However, individual systems often have different credential requirements and require users to update their passwords at different intervals, resulting in users having to keep track of a large number of different logon credentials for different systems. There is thus a need for technological solutions for creating passwordless and distributed authentication to allow a system to verify an identity without a password or other authentication credential associated with the identity. There is further a need for technological solutions allowing such distributed authentication where individual enterprises lack a sufficient number of ledgers and thus need to coordinate with other enterprises to perform distributed authentication. In addition, there is a need for technological solutions addressing what information to store in, and what information to omit from, ledgers used in distributed authentication.
Further, there is a need for technological solutions allowing authorization or authentication in large networks of sensors (e.g., IoT sensors). Such authorization or authentication should be policy-based and should account for operational permissions, connection permissions, access permissions, access controls, and other parameters. Further, such authorization or authentication techniques should be granular, and operate on a request-specific basis for individual identities. Rather than simply applying a deterministic rules-based decision to such requests by identities, authorization or authentication should take into account credibility scores or probabilities based on all available data regarding the identity and the request.